package com.ruoyi.security.crypto.bcrypt;

import com.ruoyi.project.cipher.SM3Digest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.ruoyi.security.crypto.password.PasswordEncoder;
import org.bouncycastle.util.encoders.Hex;

import java.security.SecureRandom;
import java.util.regex.Pattern;

/**
 * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
 * can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom
 * instance. The larger the strength parameter the more work will have to be done
 * (exponentially) to hash the passwords. The default value is 10.
 *
 * @author Dave Syer
 *
 */
public class BCryptPasswordEncoder implements PasswordEncoder {
	private Pattern BCRYPT_PATTERN = Pattern
			.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
	private final Log logger = LogFactory.getLog(getClass());

	private final int strength;

	private final SecureRandom random;

	public BCryptPasswordEncoder() {
		this(-1);
	}

	/**
	 * @param strength the log rounds to use, between 4 and 31
	 */
	public BCryptPasswordEncoder(int strength) {
		this(strength, null);
	}

	/**
	 * @param strength the log rounds to use, between 4 and 31
	 * @param random the secure random instance to use
	 *
	 */
	public BCryptPasswordEncoder(int strength, SecureRandom random) {
		if (strength != -1 && (strength < com.ruoyi.security.crypto.bcrypt.BCrypt.MIN_LOG_ROUNDS || strength > BCrypt.MAX_LOG_ROUNDS)) {
			throw new IllegalArgumentException("Bad strength");
		}
		this.strength = strength;
		this.random = random;
	}

//	public String encode(CharSequence rawPassword) {
//		String salt;
//		if (strength > 0) {
//			if (random != null) {
//				salt = BCrypt.gensalt(strength, random);
//			}
//			else {
//				salt = BCrypt.gensalt(strength);
//			}
//		}
//		else {
//			salt = BCrypt.gensalt();
//		}
//		return BCrypt.hashpw(rawPassword.toString(), salt);
//	}

	public String encode(CharSequence rawPassword){
		byte[] md = new byte[32];
		byte[] msg1 = rawPassword.toString().getBytes();
		SM3Digest sm3 = new SM3Digest();
		sm3.update(msg1, 0, msg1.length);
		sm3.doFinal(md, 0);
		String s = new String(Hex.encode(md));
		return s;
	}

//	public boolean matches(CharSequence rawPassword, String encodedPassword) {
//		if (encodedPassword == null || encodedPassword.length() == 0) {
//			logger.warn("Empty encoded password");
//			return false;
//		}
//
//		if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
//			logger.warn("Encoded password does not look like BCrypt");
//			return false;
//		}
//
//		return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
//	}

	public boolean matches(CharSequence rawPassword, String encodedPassword){
		if (encodedPassword == null || encodedPassword.length() == 0) {
			logger.warn("Empty encoded password");
			return false;
		}
		if (encodedPassword.equals(encode(rawPassword)))
		{
			return true;
		}
		return false;
	}
}
